Impact
The flaw is insufficient validation of untrusted input in the Chromecast component of Google Chrome. It can allow a remote attacker who has already compromised the renderer process to potentially escape the sandbox and gain higher privileges by means of a crafted HTML page. This vulnerability is classified as a high-severity risk.
Affected Systems
Affected versions are all releases of Google Chrome prior to 150.0.7871.47 on any platform. The issue is fixed in 150.0.7871.47 and later. The affected vendor is Google, specifically the Chrome browser.
Risk and Exploitability
The CVSS score is high, but no EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector requires the attacker to have already compromised a renderer process and then to deliver a malicious page. Consequently, exploitation difficulty is moderate to high, but the potential impact is significant if exploitation succeeds.